2021-06-10 01:53:16 +08:00
// Copyright 2019 The Gitea Authors. All rights reserved.
2022-11-27 13:20:29 -05:00
// SPDX-License-Identifier: MIT
2021-06-10 01:53:16 +08:00
package auth
import (
"net/http"
2021-11-24 17:49:20 +08:00
user_model "code.gitea.io/gitea/models/user"
2021-06-10 01:53:16 +08:00
"code.gitea.io/gitea/modules/log"
)
// Ensure the struct implements the interface.
var (
2021-07-24 11:16:34 +01:00
_ Method = & Session { }
2021-06-10 01:53:16 +08:00
)
// Session checks if there is a user uid stored in the session and returns the user
// object for that uid.
2022-01-20 18:46:10 +01:00
type Session struct { }
2021-06-10 01:53:16 +08:00
// Name represents the name of auth method
func ( s * Session ) Name ( ) string {
return "session"
}
// Verify checks if there is a user uid stored in the session and returns the user
// object for that uid.
// Returns nil if there is no user uid stored in the session.
2022-12-28 13:53:28 +08:00
func ( s * Session ) Verify ( req * http . Request , w http . ResponseWriter , store DataStore , sess SessionStore ) ( * user_model . User , error ) {
2022-10-06 22:50:38 +02:00
if sess == nil {
2026-02-16 10:57:18 +01:00
return nil , nil //nolint:nilnil // the auth method is not applicable
2022-10-06 22:50:38 +02:00
}
2021-06-10 01:53:16 +08:00
// Get user ID
uid := sess . Get ( "uid" )
if uid == nil {
2026-02-16 10:57:18 +01:00
return nil , nil //nolint:nilnil // the auth method is not applicable
2021-06-10 01:53:16 +08:00
}
log . Trace ( "Session Authorization: Found user[%d]" , uid )
id , ok := uid . ( int64 )
if ! ok {
2026-02-16 10:57:18 +01:00
return nil , nil //nolint:nilnil // the auth method is not applicable
2021-06-10 01:53:16 +08:00
}
// Get user object
2024-03-21 16:48:08 +08:00
user , err := user_model . GetUserByID ( req . Context ( ) , id )
2021-06-10 01:53:16 +08:00
if err != nil {
2021-11-24 17:49:20 +08:00
if ! user_model . IsErrUserNotExist ( err ) {
2024-03-21 16:48:08 +08:00
log . Error ( "GetUserByID: %v" , err )
// Return the err as-is to keep current signed-in session, in case the err is something like context.Canceled. Otherwise non-existing user (nil, nil) will make the caller clear the signed-in session.
return nil , err
2021-06-10 01:53:16 +08:00
}
2026-02-16 10:57:18 +01:00
return nil , nil //nolint:nilnil // the auth method is not applicable
2021-06-10 01:53:16 +08:00
}
log . Trace ( "Session Authorization: Logged in user %-v" , user )
2024-03-21 16:48:08 +08:00
return user , nil
2021-06-10 01:53:16 +08:00
}